Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This office action is in response to the application filed on 09/20/2024. Claims 1-20 are pending and have been considered; claims 1, 15 and 20 are independent; claims 1-20 are rejected.
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 7, 11-13, 15 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S. Pub. No. 20190372934, hereinafter referred to as “Yehudai”) and Nishino et al. (U.S. Pub. No. 20190303794, hereinafter referred to as “Nishino”) further in view of Andrews et al. (U.S. Pub. No. 20240129310, hereinafter referred to as “Andrews”).
In regards to Claim 1, Yehudai teaches a method for data processing, comprising: (Par. (0003 and 0022); data processing)
aggregating, from a web application firewall (WAF) bridge service that interfaces with one or more WAF services, (Par. (0017); malicious event corresponding to DDoS), (Par. (0025); aggregating malicious events by the firewall), (Figure 1, labels 102 and 104; from a web application firewall (WAF) bridge service (WAF with bridge service of attack analyzer 104, both of which aggregate DDoS malicious events))
one or more distributed denial of service (DDoS) event records associated with one or more DDoS events, (Par. (0017, 0020 and 0025); malicious events corresponding to DDoS and associated with clusters of malicious DDoS events that are stored in a database)
a second sub-analysis of logging information received from the one or more WAF services, and (Par. (0028-0030, 0036-0037 and 0040); a second sub-analysis (the analyzer with the WAF performs a first sub-analysis determining the relationship and distance of features of malicious events and a second sub-analysis detecting previously stored malicious events)), (Par. (0028-0030); a second sub-analysis of logging information received (the data analyzer with the WAF determines malicious events that were previously received and stored and transmits them to the admin))
a third sub-analysis of a threat intelligence feed to determine one or more characteristics of the one or more DDoS events; (Par. (0037 and 0040-0042); third sub-analysis of a threat intelligence feed (multi-stage approach of processing alerts when a malicious event is detected) to determine one or more characteristics (features of distance and similarity levels of malicious events with DDoS)), (Par. (0031-0033); a threat intelligence feed (batch of alerts with malicious events detected) to determine one or more characteristics (determined based on similarities and features of distance/location))
generating, based at least in part on analyzing the one or more DDoS event records, a security configuration for the one or more WAF services that indicates one or more parameters of the one or more WAF services to be set based at least in part on the one or more characteristics of the one or more DDoS events; (Par. (0024-0025); generating, based at least in part on analyzing the one or more DDoS event records, a security configuration (generating a configuration based on malicious events with DDoS) for the one or more WAF services (for the firewall management associated with the WAF) that indicates one or more parameters of the one or more WAF services (established policies to allow or block traffic) based at least in part on the one or more characteristics (based on determining distances of malicious events with DDoS))
Yehudai does not explicitly teach the one or more DDoS event records converted into a common format via generative artificial intelligence (AI) model processing; analyzing the one or more DDoS event records via a first sub-analysis of one or more headers of the one or more DDoS event records and one or more payloads of the one or more DDoS event records, validating the security configuration in a sandbox environment; and transmitting the security configuration to the one or more WAF services based at least in part on the validation.
Wherein Nishino teaches the one or more DDoS event records converted into a common format via generative artificial intelligence (AI) model processing; (Par. (0028-0029 and 0031); converting records to an integrated format using machine learning to create conversion data associated with DDoS logs)
analyzing the one or more DDoS event records via a first sub-analysis of one or more headers of the one or more DDoS event records and one or more payloads of the one or more DDoS event records, (Par. (0029); analyzing the one or more DDoS event records (communication log 12)), (Par. (0029 and 0039); analyzing (classifying) the one or more DDoS event records (communication logs) via a first sub-analysis of one or more payloads (communication log classified based on data and fields)), (Figure 2, label 12; first sub-analysis of one or more headers (communication logs of DDoS attack with time header 10:10-10:20)), (Par. (0039) and Figure 8, label 22; a first sub-analysis of one or more payloads of the one or more DDoS event records (communication logs of DDoS attacks with data 22 that contains payloads (transmission IP, port no., attribute, path))), (Examiner Note: in the instant application the specification does not define a header or payload; therefore the examiner has broadly and reasonably interpreted a header and payload that is part of a first analysis to be contents within the communication log/records that contain data and a heading of the log such as time)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai to incorporate the teaching of Nishino to utilize the above feature because of the analogous concept of DDoS event data and logs, with the motivation of utilizing deep learning and machine learning to classify logs more effectively over a period of time and convert integrated data to be matched and compared as well as detect illegitimate data. (Nishino Par. (0028-0031))
Yehudai and Nishino do not explicitly teach validating the security configuration in a sandbox environment; and transmitting the security configuration to the one or more WAF services based at least in part on the validation.
Wherein Andrews teaches validating the security configuration in a sandbox environment; and (Par. (0113 and 0115); validating configuration information in sandbox)
transmitting the security configuration to the one or more WAF services based at least in part on the validation. (Par. (0111); providing configuration information to WAF services (proxy)), (Par. (0116-0117); after successful validation of configuration information, providing it to the proxy according to the validated configuration information))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai and Nishino to incorporate the teaching of Andrews to utilize the above feature because of the analogous concept of DDoS attacks and secure protection using firewall services to detect possible threats, with the motivation of creating trust in a cloud network and using firewalls to enhance network security by implementing a threat management facility to help mitigate threats by enforcing policies and permitting access to resources through the system. (Andrews Par. (0003-0004 and 0026))
In regards to Claim 7, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1, and Nishino further teaches wherein the reporting information is formatted using a generative AI model. (Par. (0028-0029 and 0031); converting records to an integrated format using machine learning to create conversion data associated with DDoS logs)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai to incorporate the teaching of Nishino to utilize the above feature because of the analogous concept of DDoS event data and logs, with the motivation of utilizing deep learning and machine learning to classify logs more effectively over a period of time and convert integrated data to be matched and compared as well as detect illegitimate data. (Nishino Par. (0028-0031))
Yehudai and Nishino do not explicitly teach generating reporting information associated with the one or more DDoS events, the security configuration, the validation of the security configuration, the one or more WAF services, an analysis of the one or more DDoS event records, or any combination thereof.
Wherein Andrews teaches generating reporting information associated with the one or more DDoS events, the security configuration, the validation of the security configuration, the one or more WAF services, an analysis of the one or more DDoS event records, or any combination thereof, (Par. (0069 and 0071); reporting of a collection of events corresponding to the one or more DDoS events (event logs of threat detection) and the one or more WAF services (firewall)), (Par. (0129); generating reporting information associated with the one or more DDoS events (logging and records corresponding to DNS and threat management))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai and Nishino to incorporate the teaching of Andrews to utilize the above feature because of the analogous concept of DDoS attacks and secure protection using firewall services to detect possible threats, with the motivation of creating reports to identify suspect instances on the security network and creating a filter, as well as enhancing threat detection by compiling a collection of reports to increase or decrease security based on the collection. (Andrews Par. (0038 and 0071))
In regards to Claim 11, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1, and Yehudai further teaches wherein the one or more characteristics comprise a quantity of the one or more DDoS events, one or more sources of the one or more DDoS events, one or more actions performed during a time period associated with the one or more DDoS events, or any combination thereof. (Par. (0017); DDoS corresponding to malicious events), (Par. (0028-0029); characteristics of malicious events with DDoS include one or more sources (origin IP addresses) and one or more actions performed during a time period (time of attack corresponding to malicious events with DDoS))
In regards to Claim 12, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1, and Yehudai further teaches the method of claim 1 further comprising: performing a risk assessment of the one or more DDoS events based at least in part on the one or more DDoS event records, (Par. (0030 and 0037-0038); performing a risk assessment of the one or more DDoS events (analyzing whether a malicious event compromised a user based on previously detected malicious events)), (Par. (0017 and 0019); risk assessment of the one or more DDoS events (analyzing and determining malicious events that contain DDoS to see if compromised)), (Par. (0020); based at least in part on the one or more DDoS event records (storing a cluster of DDoS malicious events))
the logging information, information associated with the threat intelligence feed,
previous DDoS event information, or any combination thereof; and (Par. (0030 and 0037-0038); determining compromised users based on previously detected and stored malicious events with DDoS)
determining one or more threat mitigation actions based at least in part on the risk assessment, (Par. (0023 and 0030); based at least in part on the risk assessment (based on compromise of a user and a malicious event), determining one or more threat mitigation actions (preventing a malicious event with DDoS by blocking a client that is compromised and warning the admin))
wherein the security configuration is based at least in part on the risk assessment, the one or more threat mitigation actions, or any combination thereof. (Par. (0023 and 0030); security configurations (blocking or allowing traffic) are based at least in part on the risk assessment (analyzing a compromised user) and the one or more threat mitigation actions (blocking traffic and warning the admin as the procedure)) (Examiner Note: By using the phrases “at least in part on one” and “or”, the Examiner broadly and reasonably interprets, in light of the specification, that only one of the limitations needs to be met)
In regards to Claim 13, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1, and Yehudai further teaches the method of claim 1 further comprising: generating one or more security policies, (Par. (0019 and 0024); generating (establishing) policies to allow or block traffic)
one or more DDoS signatures,
or any combination thereof based at least in part on the one or more DDoS event records, the logging information, or any combination thereof. (Par. (0019 and 0024); policies based on stored malicious events with DDoS) (Examiner Note: By using the phrase “or”, the Examiner broadly and reasonably interprets, in light of the specification, that only one of the limitations needs to be met)
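As an added worked example (not code from the application or from any of the cited references), the following Python sketches the pipeline recited in claim 1 together with the characteristics of claim 11 and the policy generation of claim 13: records from two WAF services in different native formats are normalised to a common schema, the three sub-analyses (headers/payloads, WAF logging information, threat intelligence feed) derive quantity, sources, time window and actions, a WAF configuration is generated from them, and it is dry-run against a known-good traffic sample as the sandbox validation before it is released for transmission. The two record formats, the threat feed, the benign baseline and the thresholds are all constructed assumptions, and deterministic parsers stand in for the generative-AI conversion step.

```python
import json
import re
from collections import Counter

# Constructed sample DDoS event records from two WAF services, each in its own
# native format (illustrative values only, not taken from the cited references).
RAW_EVENTS = [
    ("waf-json", '{"ts": 1700000000, "ip": "203.0.113.5", "m": "POST", "p": "/login", "ua": "curl/7.1", "len": 4096, "act": "challenge"}'),
    ("waf-json", '{"ts": 1700000000, "ip": "203.0.113.5", "m": "POST", "p": "/login", "ua": "curl/7.1", "len": 4096, "act": "challenge"}'),
    ("waf-json", '{"ts": 1700000001, "ip": "203.0.113.5", "m": "POST", "p": "/login", "ua": "curl/7.1", "len": 4096, "act": "block"}'),
    ("waf-text", 'ts=1700000001 src=198.51.100.7 POST /login ua="curl/7.1" len=4096 action=challenge'),
    ("waf-text", 'ts=1700000002 src=198.51.100.7 POST /login ua="curl/7.1" len=4096 action=block'),
    ("waf-text", 'ts=1700000002 src=192.0.2.9 GET /search ua="Mozilla/5.0" len=0 action=allow'),
]
THREAT_FEED = {"203.0.113.5": "booter-node"}  # constructed threat intelligence feed
BENIGN_BASELINE = [  # constructed known-good traffic replayed in the sandbox
    {"ip": "192.0.2.10", "ua": "Mozilla/5.0", "path": "/login", "len": 512},
    {"ip": "192.0.2.11", "ua": "curl/8.0", "path": "/api", "len": 0},
    {"ip": "192.0.2.12", "ua": "Mozilla/5.0", "path": "/search", "len": 64},
]
TEXT_RE = re.compile(r'ts=(\d+) src=(\S+) (\S+) (\S+) ua="([^"]*)" len=(\d+) action=(\w+)')

def to_common_format(service, raw):
    """Convert one native record into the common schema; deterministic parsers
    stand in for the generative-AI conversion recited in the claim."""
    if service == "waf-json":
        d = json.loads(raw)
        return {"ts": d["ts"], "ip": d["ip"], "method": d["m"], "path": d["p"],
                "ua": d["ua"], "len": d["len"], "action": d["act"]}
    m = TEXT_RE.match(raw)
    if not m:
        raise ValueError(f"unparseable record from {service}: {raw!r}")
    ts, ip, method, path, ua, length, action = m.groups()
    return {"ts": int(ts), "ip": ip, "method": method, "path": path,
            "ua": ua, "len": int(length), "action": action}

def aggregate(raw_events):
    """Bridge-service step: collect records from every WAF and normalise them."""
    return [to_common_format(service, raw) for service, raw in raw_events]

def first_sub_analysis(records):
    """Headers and payloads: user-agent and path distribution, largest payload seen."""
    return {"ua": Counter(r["ua"] for r in records),
            "path": Counter(r["path"] for r in records),
            "max_len": max(r["len"] for r in records)}

def second_sub_analysis(records):
    """WAF logging information: volume per source and the actions the WAF already took."""
    return {"per_ip": Counter(r["ip"] for r in records),
            "actions": Counter(r["action"] for r in records)}

def third_sub_analysis(records, feed):
    """Threat intelligence feed: which observed sources are already listed."""
    return {ip: feed[ip] for ip in {r["ip"] for r in records} if ip in feed}

def characterize(records, feed, min_hits=2):
    """Combine the three sub-analyses into the characteristics named in claim 11."""
    headers = first_sub_analysis(records)
    logs = second_sub_analysis(records)
    intel = third_sub_analysis(records, feed)
    hostile = {ip for ip, n in logs["per_ip"].items() if n >= min_hits} | set(intel)
    hits = [r for r in records if r["ip"] in hostile]
    return {"quantity": len(hits), "sources": sorted(hostile),
            "window": (min(r["ts"] for r in hits), max(r["ts"] for r in hits)),
            "actions": logs["actions"], "known_sources": intel,
            "attack_ua": sorted({r["ua"] for r in hits}),
            "target_path": Counter(r["path"] for r in hits).most_common(1)[0][0],
            "max_len": headers["max_len"]}

def generate_config(chars):
    """Turn characteristics into WAF parameters: block list, UA deny list, rate limit, body cap."""
    return {"block_ips": chars["sources"], "deny_ua": chars["attack_ua"],
            "rate_limit": {"path": chars["target_path"], "rps": 5},
            "max_body": chars["max_len"] - 1}

def sandbox_validate(config, benign, max_fp_rate=0.0):
    """Dry-run the configuration against known-good traffic and measure what it would block."""
    blocked = [b for b in benign if b["ip"] in config["block_ips"]
               or b["ua"] in config["deny_ua"] or b["len"] > config["max_body"]]
    fp_rate = len(blocked) / len(benign)
    return fp_rate <= max_fp_rate, fp_rate, blocked

def build_and_validate(raw_events=RAW_EVENTS, feed=THREAT_FEED, benign=BENIGN_BASELINE):
    """Full pipeline; the configuration is released for transmission only if the sandbox run passes."""
    records = aggregate(raw_events)
    chars = characterize(records, feed)
    config = generate_config(chars)
    ok, fp_rate, blocked = sandbox_validate(config, benign)
    return {"characteristics": chars, "config": config, "validated": ok,
            "false_positive_rate": fp_rate, "would_block": blocked,
            "transmit": config if ok else None}

if __name__ == "__main__":
    result = build_and_validate()
    print(json.dumps(result["config"], indent=2), "validated:", result["validated"])
```

The body-size cap is deliberately aggressive so that a baseline containing a legitimate large upload makes the sandbox run fail and the configuration is withheld rather than transmitted.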
In regards to Claim 15, Yehudai teaches an apparatus for data processing, comprising: (Par. (0229 and 0234); apparatus)
one or more memories storing processor-executable code; and (Par. (0259); processor)
one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to: (Par. (0259); processor with memory)
aggregate, from a web application firewall (WAF) bridge service that interfaces with one or more WAF services, one or more distributed denial of service (DDoS) event records associated with one or more DDoS events, (Par. (0017); malicious event corresponding to DDoS), (Par. (0025); aggregating malicious events by the firewall), (Figure 1, labels 102 and 104; from a web application firewall (WAF) bridge service (WAF with bridge service of attack analyzer 104, both of which aggregate DDoS malicious events))
one or more distributed denial of service (DDoS) event records associated with one or more DDoS events, (Par. (0017, 0020 and 0025); malicious events corresponding to DDoS and associated with clusters of malicious DDoS events that are stored in a database)
a second sub-analysis of logging information received from the one or more WAF services, and (Par. (0028-0030, 0036-0037 and 0040); a second sub-analysis (the analyzer with the WAF performs a first sub-analysis determining the relationship and distance of features of malicious events and a second sub-analysis detecting previously stored malicious events)), (Par. (0028-0030); a second sub-analysis of logging information received (the data analyzer with the WAF determines malicious events that were previously received and stored and transmits them to the admin))
a third sub-analysis of a threat intelligence feed to determine one or more characteristics of the one or more DDoS events; (Par. (0037 and 0040-0042); third sub-analysis of a threat intelligence feed (multi-stage approach of processing alerts when a malicious event is detected) to determine one or more characteristics (features of distance and similarity levels of malicious events with DDoS)), (Par. (0031-0033); a threat intelligence feed (batch of alerts with malicious events detected) to determine one or more characteristics (determined based on similarities and features of distance/location))
generate, based at least in part on analyzing the one or more DDoS event records, a security configuration for the one or more WAF services that indicates one or more parameters of the one or more WAF services to be set based at least in part on the one or more characteristics of the one or more DDoS events; (Par. (0024-0025); generating, based at least in part on analyzing the one or more DDoS event records, a security configuration (generating a configuration based on malicious events with DDoS) for the one or more WAF services (for the firewall management associated with the WAF) that indicates one or more parameters of the one or more WAF services (established policies to allow or block traffic) based at least in part on the one or more characteristics (based on determining distances of malicious events with DDoS))
Yehudai does not explicitly teach the one or more DDoS event records converted into a common format via generative artificial intelligence (AI) model processing; analyze the one or more DDoS event records via a first sub-analysis of one or more headers of the one or more DDoS event records and one or more payloads of the one or more DDoS event records, validate the security configuration in a sandbox environment; and transmit the security configuration to the one or more WAF services based at least in part on the validation.
Wherein Nishino teaches the one or more DDoS event records converted into a common format via generative artificial intelligence (AI) model processing; (Par. (0028-0029 and 0031); converting records to an integrated format using machine learning to create conversion data associated with DDoS logs)
analyze the one or more DDoS event records via a first sub-analysis of one or more headers of the one or more DDoS event records and one or more payloads of the one or more DDoS event records, (Par. (0029); analyzing the one or more DDoS event records (communication log 12)), (Par. (0029 and 0039); analyzing (classifying) the one or more DDoS event records (communication logs) via a first sub-analysis of one or more payloads (communication log classified based on data and fields)), (Figure 2, label 12; first sub-analysis of one or more headers (communication logs of DDoS attack with time header 10:10-10:20)), (Par. (0039) and Figure 8, label 22; a first sub-analysis of one or more payloads of the one or more DDoS event records (communication logs of DDoS attacks with data 22 that contains payloads (transmission IP, port no., attribute, path))), (Examiner Note: in the instant application the specification does not define a header or payload; therefore the examiner has broadly and reasonably interpreted a header and payload that is part of a first analysis to be contents within the communication log/records that contain data and a heading of the log such as time)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai to incorporate the teaching of Nishino to utilize the above feature because of the analogous concept of DDoS event data and logs, with the motivation of utilizing deep learning and machine learning to classify logs more effectively over a period of time and convert integrated data to be matched and compared as well as detect illegitimate data. (Nishino Par. (0028-0031))
Yehudai and Nishino do not explicitly teach validate the security configuration in a sandbox environment; and transmit the security configuration to the one or more WAF services based at least in part on the validation.
Wherein Andrews teaches validate the security configuration in a sandbox environment; and (Par. (0113 and 0115); validating configuration information in sandbox)
transmit the security configuration to the one or more WAF services based at least in part on the validation. (Par. (0111); providing configuration information to WAF services (proxy)), (Par. (0116-0117); after successful validation of configuration information, providing it to the proxy according to the validated configuration information))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai and Nishino to incorporate the teaching of Andrews to utilize the above feature because of the analogous concept of DDoS attacks and secure protection using firewall services to detect possible threats, with the motivation of creating trust in a cloud network and using firewalls to enhance network security by implementing a threat management facility to help mitigate threats by enforcing policies and permitting access to resources through the system. (Andrews Par. (0003-0004 and 0026))
In regards to Claim 20, Yehudai teaches a non-transitory computer-readable medium storing code for data processing, the code comprising instructions executable by one or more processors to: (Par. (0259); non-transitory computer-readable medium with processor)
aggregate, from a web application firewall (WAF) bridge service that interfaces with one or more WAF services, one or more distributed denial of service (DDoS) event records associated with one or more DDoS events, (Par. (0017); malicious event corresponding to DDoS), (Par. (0025); aggregating malicious events by the firewall), (Figure 1, labels 102 and 104; from a web application firewall (WAF) bridge service (WAF with bridge service of attack analyzer 104, both of which aggregate DDoS malicious events))
one or more distributed denial of service (DDoS) event records associated with one or more DDoS events, (Par. (0017, 0020 and 0025); malicious events corresponding to DDoS and associated with clusters of malicious DDoS events that are stored in a database)
a second sub-analysis of logging information received from the one or more WAF services, and (Par. (0028-0030, 0036-0037 and 0040); a second sub-analysis (the analyzer with the WAF performs a first sub-analysis determining the relationship and distance of features of malicious events and a second sub-analysis detecting previously stored malicious events)), (Par. (0028-0030); a second sub-analysis of logging information received (the data analyzer with the WAF determines malicious events that were previously received and stored and transmits them to the admin))
a third sub-analysis of a threat intelligence feed to determine one or more characteristics of the one or more DDoS events; (Par. (0037 and 0040-0042); third sub-analysis of a threat intelligence feed (multi-stage approach of processing alerts when a malicious event is detected) to determine one or more characteristics (features of distance and similarity levels of malicious events with DDoS)), (Par. (0031-0033); a threat intelligence feed (batch of alerts with malicious events detected) to determine one or more characteristics (determined based on similarities and features of distance/location))
generate, based at least in part on analyzing the one or more DDoS event records, a security configuration for the one or more WAF services that indicates one or more parameters of the one or more WAF services to be set based at least in part on the one or more characteristics of the one or more DDoS events; (Par. (0024-0025); generating, based at least in part on analyzing the one or more DDoS event records, a security configuration (generating a configuration based on malicious events with DDoS) for the one or more WAF services (for the firewall management associated with the WAF) that indicates one or more parameters of the one or more WAF services (established policies to allow or block traffic) based at least in part on the one or more characteristics (based on determining distances of malicious events with DDoS))
Yehudai does not explicitly teach the one or more DDoS event records converted into a common format via generative artificial intelligence (AI) model processing; analyze the one or more DDoS event records via a first sub-analysis of one or more headers of the one or more DDoS event records and one or more payloads of the one or more DDoS event records, validate the security configuration in a sandbox environment; and transmit the security configuration to the one or more WAF services based at least in part on the validation.
Wherein Nishino teaches the one or more DDoS event records converted into a common format via generative artificial intelligence (AI) model processing; (Par. (0028-0029 and 0031); converting records to an integrated format using machine learning to create conversion data associated with DDoS logs)
analyze the one or more DDoS event records via a first sub-analysis of one or more headers of the one or more DDoS event records and one or more payloads of the one or more DDoS event records, (Par. (0029); analyzing the one or more DDoS event records (communication log 12)), (Par. (0029 and 0039); analyzing (classifying) the one or more DDoS event records (communication logs) via a first sub-analysis of one or more payloads (communication log classified based on data and fields)), (Figure 2, label 12; first sub-analysis of one or more headers (communication logs of DDoS attack with time header 10:10-10:20)), (Par. (0039) and Figure 8, label 22; a first sub-analysis of one or more payloads of the one or more DDoS event records (communication logs of DDoS attacks with data 22 that contains payloads (transmission IP, port no., attribute, path))), (Examiner Note: in the instant application the specification does not define a header or payload; therefore the examiner has broadly and reasonably interpreted a header and payload that is part of a first analysis to be contents within the communication log/records that contain data and a heading of the log such as time)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai to incorporate the teaching of Nishino to utilize the above feature because of the analogous concept of DDoS event data and logs, with the motivation of utilizing deep learning and machine learning to classify logs more effectively over a period of time and convert integrated data to be matched and compared as well as detect illegitimate data. (Nishino Par. (0028-0031))
Yehudai and Nishino do not explicitly teach validate the security configuration in a sandbox environment; and transmit the security configuration to the one or more WAF services based at least in part on the validation.
Wherein Andrews teaches validate the security configuration in a sandbox environment; and (Par. (0113 and 0115); validating configuration information in sandbox)
transmit the security configuration to the one or more WAF services based at least in part on the validation. (Par. (0111); providing configuration information to WAF services (proxy)), (Par. (0116-0117); after successful validation of configuration information, providing it to the proxy according to the validated configuration information))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai and Nishino to incorporate the teaching of Andrews to utilize the above feature because of the analogous concept of DDoS attacks and secure protection using firewall services to detect possible threats, with the motivation of creating trust in a cloud network and using firewalls to enhance network security by implementing a threat management facility to help mitigate threats by enforcing policies and permitting access to resources through the system. (Andrews Par. (0003-0004 and 0026))
Claim(s) 2, 9 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S. Pub. No. 20190372934, hereinafter referred to as “Yehudai”), Nishino et al. (U.S. Pub. No. 20190303794, hereinafter referred to as “Nishino”) and Andrews et al. (U.S. Pub. No. 20240129310, hereinafter referred to as “Andrews”) further in view of Humphrey et al. (U.S. Pub. No. 20210273960, hereinafter referred to as “Humphrey”).
In regards to Claim 2, the combination of Yehudai, Nishino and Andrews does not explicitly teach transmitting the one or more headers, the one or more payloads, or both, to a generative AI model; and receiving an output of the generative AI model that indicates the one or more characteristics, the output based at least in part on the one or more headers, the one or more payloads, or both.
Wherein Humphrey teaches wherein performing the first sub-analysis comprises: transmitting the one or more headers, the one or more payloads, or both, to a generative AI model; and (Par. (0047); first sub-analysis (analysis of threat detection)), (Par. (0108); sending payloads (data) to AI models corresponding to cyber threat and suspicious activity)
receiving an output of the generative AI model that indicates the one or more characteristics, (Par. (0012); receiving an output of the generative AI model (receiving outputs from an artificial intelligence classifier) that indicates the one or more characteristics (probability that a cyber security breach has occurred))
the output based at least in part on the one or more headers, the one or more payloads, or both. (Par. (0119); output based on payloads (data of suspicious activity))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Humphrey to utilize the above feature because of the analogous concept of detecting cyber threats in a system using machine learning, with the motivation of matching historical attacks and identifying cyber threats more effectively with new tools and techniques to understand attacks using rules and policies as well as implementing metrics and outputs with the machine learning models to determine probability of cyber security breach and safeguard the network. (Humphrey Par. (0004-0008 and 0012))
In regards to Claim 9, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1, and Yehudai further teaches wherein performing the third sub-analysis comprises: (Par. (0037 and 0040-0042); third sub-analysis of a threat intelligence feed (multi-stage approach of processing alerts when a malicious event is detected)),
receiving one or more threat intelligence feed records via the threat intelligence feed; (Par. (0051-005); receiving one or more threat intelligence feed records (receiving a batch of malicious events)), (Par. (0031-0033); a threat intelligence feed (batch of alerts with malicious events detected) to determine one or more characteristics (determined based on similarities and features of distance/location))
Yehudai, Nishino and Andrews do not explicitly teach wherein the security configuration is based at least in part on a generative AI analysis of the one or more threat intelligence feed records.
Wherein Humphrey teaches wherein the security configuration is based at least in part on a generative AI analysis of the one or more threat intelligence feed records. (Par. (0066-0069); a generative AI analysis of the one or more threat intelligence feed records.(machine learning based on detected cyber threats) with the security configuration (actions and automatic response on cyber threats by machine learning), (Par. (0108, 0121, 0183 and 230); security configuration (actions and responses corresponding to machine learning and AI models when detecting threat such as quarantining , and preventing of communications, preventing sending etc.))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Humphrey to utilize the above feature because of the analogous concept of detecting cyber threats in a system using machine learning, with the motivation of utilizing machine learning and reports generated on cyber security breaches to notify users of possible compromise and implement the necessary mitigation action to safeguard the system from threats. (Humphrey Par. (0021-0022))
In regards to Claim 16, the combination of Yehudai, Nishino and Andrews teaches the apparatus of claim 15; Yehudai further teaches the apparatus of claim 15, wherein, to perform the first sub-analysis, the one or more processors are individually or collectively operable to execute the code to cause the apparatus to: (Par. (0028-0030, 0036-0037 and 0040); perform the first sub-analysis (multiple security analyzing and detection by analyzer with malicious events)), (Par. (0229 and 0234); apparatus), (Par. (0259); processors)
Yehudai, Nishino and Andrews do not explicitly teach transmit the one or more headers, the one or more payloads, or both, to a generative AI model; and receive an output of the generative AI model that indicates the one or more characteristics, the output based at least in part on the one or more headers, the one or more payloads, or both.
Wherein Humphrey teaches transmit the one or more headers, the one or more payloads, or both, to a generative AI model; and (Par. (0108); sending payloads (data) to AI models corresponding to cyber threat and suspicious activity)
receive an output of the generative AI model that indicates the one or more characteristics, (Par. (0012); receiving an output of the generative AI model (receive outputs from artificial intelligence classifier) the one or more characteristics (probability a cyber security breach has occurred))
the output based at least in part on the one or more headers, the one or more payloads, or both. (Par. (0119); output based on payloads (data of suspicious activity))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Humphrey to utilize the above feature because of the analogous concept of detecting cyber threats in a system using machine learning, with the motivation of matching historical attacks and identifying cyber threats more effectively with new tools and techniques to understand attacks using rules and policies as well as implementing metrics and outputs with the machine learning models to determine probability of cyber security breach and safeguard the network. (Humphrey Par. (0004-0008 and 0012))
Claim(s) 3 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S Pub. No. 20190372934, hereinafter referred to as “Yehudai”), Nishino et al. (U.S Pub. No. 20190303794, hereinafter referred to as “Nishino”) and Andrews et al. (U.S Pub. No. 20240129310, hereinafter referred to as “Andrews”) further in view of Muthurajan et al. (U.S Pub. No. 20180091527, hereinafter referred to as “Muthurajan”)
In regards to Claim 3, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1; Yehudai further teaches the method of claim 1, further comprising: generating, based at least in part on the one or more characteristics of the one or more DDoS events, (Par. (0017 and 0047); generating the one or more DDoS events (generating malicious event associated with DDoS)), (Par. (0028-0029); based at least in part on the one or more characteristics of the one or more DDoS events (characteristics of malicious events with DDoS include one or more sources (origin IP addresses) and one or more actions performed during a time period (time of attack corresponding to malicious events with DDoS)))
Yehudai, Nishino and Andrews do not explicitly teach a plurality of payloads that are responsive to the one or more DDoS events and that comprise waste data; and transmitting the plurality of payloads to one or more sources of the one or more DDoS events in accordance with a randomized transmission pattern.
Wherein Muthurajan teaches a plurality of payloads that are responsive to the one or more DDoS events and that comprise waste data; and (Par. (0028-0030); plurality of payloads (malicious events of DDoS with metadata attributes, etc.) are responsive to the one or more DDoS events and that comprise waste data (detecting malicious events with metadata to be identified as compromised)), (Examiner: In the instant application the specification states in Par. (0168) that waste data refers to “junk” or inauthentic or not genuine responses. Therefore it will be broadly and reasonably interpreted in light of the specification that “waste data” refers to compromised data.)
transmitting the plurality of payloads to one or more sources of the one or more DDoS events in accordance with a randomized transmission pattern. (Par. (0039-0040); transmitting a plurality of payloads (transmitting malware data) to a plurality of hosting computing devices), (Par. (0029-0030); plurality of payloads to one or more sources of the one or more DDoS events (malware data corresponding to DDoS attacks in traffic that are identified by computing devices)), (Par. (0013); with a randomized transmission pattern (transmitting of malware data associated with DDoS in a random manner)) (Examiner Note: In the instant application the specification is silent on what a randomized transmission pattern is defined as, therefore it will be broadly and reasonably interpreted in light of the specification that a randomized transmission pattern refers to a random transmission)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Muthurajan to utilize the above feature because of the analogous concept of detecting DDoS attacks and recorded data through traffic in a network, with the motivation of determining, based on network traffic, ways to enhance security, prevent intrusion and mitigate malware by testing the network for IP addresses and benign or malicious users in traffic to securely protect the network and utilize various devices in evaluation. (Muthurajan Par. (0007-0009))
In regards to Claim 17, the combination of Yehudai, Nishino and Andrews teaches the apparatus of claim 15; Yehudai further teaches the apparatus of claim 15, wherein the one or more processors are individually or collectively further operable to execute the code to cause the apparatus to: (Par. (0259); processor)
generate, based at least in part on the one or more characteristics of the one or more DDoS events, (Par. (0017 and 0047); generating the one or more DDoS events (generating malicious event associated with DDoS)), (Par. (0028-0029); based at least in part on the one or more characteristics of the one or more DDoS events (characteristics of malicious events with DDoS include one or more sources (origin IP addresses) and one or more actions performed during a time period (time of attack corresponding to malicious events with DDoS)))
Yehudai, Nishino and Andrews do not explicitly teach a plurality of payloads that are responsive to the one or more DDoS events and that comprise waste data; and transmit the plurality of payloads to one or more sources of the one or more DDoS events in accordance with a randomized transmission pattern.
Wherein Muthurajan teaches a plurality of payloads that are responsive to the one or more DDoS events and that comprise waste data; and (Par. (0028-0030); plurality of payloads (malicious events of DDoS with metadata attributes, etc.) are responsive to the one or more DDoS events and that comprise waste data (detecting malicious events with metadata to be identified as compromised)), (Examiner: In the instant application the specification states in Par. (0168) that waste data refers to “junk” or inauthentic or not genuine responses. Therefore it will be broadly and reasonably interpreted in light of the specification that “waste data” refers to compromised data.)
transmit the plurality of payloads to one or more sources of the one or more DDoS events in accordance with a randomized transmission pattern. (Par. (0039-0040); transmitting a plurality of payloads (transmitting malware data) to a plurality of hosting computing devices), (Par. (0029-0030); plurality of payloads to one or more sources of the one or more DDoS events (malware data corresponding to DDoS attacks in traffic that are identified by computing devices)), (Par. (0013); with a randomized transmission pattern (transmitting of malware data associated with DDoS in a random manner)) (Examiner Note: In the instant application the specification is silent on what a randomized transmission pattern is defined as, therefore it will be broadly and reasonably interpreted in light of the specification that a randomized transmission pattern refers to a random transmission)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Muthurajan to utilize the above feature because of the analogous concept of detecting DDoS attacks and recorded data through traffic in a network, with the motivation of determining, based on network traffic, ways to enhance security, prevent intrusion and mitigate malware by testing the network for IP addresses and benign or malicious users in traffic to securely protect the network and utilize various devices in evaluation. (Muthurajan Par. (0007-0009))
Claim(s) 4 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S Pub. No. 20190372934, hereinafter referred to as “Yehudai”), Nishino et al. (U.S Pub. No. 20190303794, hereinafter referred to as “Nishino”) and Andrews et al. (U.S Pub. No. 20240129310, hereinafter referred to as “Andrews”) further in view of DeBolle et al. (U.S Pub. No. 20170099182, hereinafter referred to as “DeBolle”)
In regards to Claim 4, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1; Yehudai further teaches the method of claim 1, further comprising: deploying a configuration agent and (Figure 1 label 116 firewall management console), (Par. (0024); deploying a configuration agent (firewall management console is used and has actions of security configuration information to allow or block traffic based on policies))
a logging agent that are associated with the one or more WAF services, (Fig. 1 labels 104, 102 attack analyzer associated with firewall WAF), (Par. (0030); deploying a logging agent (attack analyzer taking action)), (Par. (0020); logging agent (attack analyzer) storing clusters of malicious events detected))
wherein the logging information is received from the logging agent. (Par. (0051); logging agent (attack analyzer) receives logging information (batches of malicious events))
Yehudai, Nishino and Andrews do not explicitly teach wherein transmitting the security configuration comprises transmitting the security configuration to the configuration agent.
Wherein DeBolle teaches wherein transmitting the security configuration comprises transmitting the security configuration to the configuration agent. (Par. (0045); configuration agent (agents with configuration and status) transmitting the security configuration to the configuration agent (agents with configuration send and receive configuration and status with configuration state and changes))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of DeBolle to utilize the above feature because of the analogous concept of firewall services and DDoS protection in a network, with the motivation of monitoring security configuration and policies as well as changes by identifying header information of path of traffic and implementing policies to mitigate DDoS attacks and steer data away from untrusted zones. (DeBolle Par. (0004-0006, 0031-0032 and 0067))
In regards to Claim 18, the combination of Yehudai, Nishino and Andrews teaches the apparatus of claim 15; Yehudai further teaches the apparatus of claim 15, wherein the one or more processors are individually or collectively further operable to execute the code to cause the apparatus to: (Par. (0259); processor)
deploy a configuration agent and (Figure 1 label 116 firewall management console), (Par. (0024); deploying a configuration agent (firewall management console is used and has actions of security configuration information to allow or block traffic based on policies))
a logging agent that are associated with the one or more WAF services, (Fig. 1 labels 104, 102 attack analyzer associated with firewall WAF), (Par. (0030); deploying a logging agent (attack analyzer taking action)), (Par. (0020); logging agent (attack analyzer) storing clusters of malicious events detected))
wherein the logging information is received from the logging agent. (Par. (0051); logging agent (attack analyzer) receives logging information (batches of malicious events))
Yehudai, Nishino and Andrews do not explicitly teach wherein transmitting the security configuration comprises transmitting the security configuration to the configuration agent.
Wherein DeBolle teaches wherein transmitting the security configuration comprises transmitting the security configuration to the configuration agent. (Par. (0045); configuration agent (agents with configuration and status) transmitting the security configuration to the configuration agent (agents with configuration send and receive configuration and status with configuration state and changes))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of DeBolle to utilize the above feature because of the analogous concept of firewall services and DDoS protection in a network, with the motivation of monitoring security configuration and policies as well as changes by identifying header information of path of traffic and implementing policies to mitigate DDoS attacks and steer data away from untrusted zones. (DeBolle Par. (0004-0006, 0031-0032 and 0067))
Claim(s) 5 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S Pub. No. 20190372934, hereinafter referred to as “Yehudai”), Nishino et al. (U.S Pub. No. 20190303794, hereinafter referred to as “Nishino”) and Andrews et al. (U.S Pub. No. 20240129310, hereinafter referred to as “Andrews”) further in view of Erramilli et al. (U.S Pub. No. 20230118341, hereinafter referred to as “Erramilli”)
In regards to Claim 5, the combination of Yehudai, Nishino and Andrews teaches the method of claim 1; Nishino further teaches converting the logging information into a structured format; (Par. (0028-0029 and 0031); converting records to an integrated format using machine learning to create conversion data associated with DDoS logs)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai and Andrews to incorporate the teaching of Nishino to utilize the above feature because of the analogous concept of DDoS event data and logs, with the motivation of utilizing deep learning and machines to classify logs more effectively over a period of time and convert integrated data to be matched and compared as well as detect illegitimate data. (Nishino Par. (0028-0031))
Yehudai, Nishino and Andrews do not explicitly teach transmitting the converted logging information to a generative AI model; and receiving an output of the generative AI model that indicates the one or more characteristics, the output based at least in part on the converted logging information.
Wherein Erramilli teaches transmitting the converted logging information to a generative AI model; and (Par. (0048 and 0109); converted logging information (modified records) to a generative AI model (modified records run through ML model); modified records received at ML model), (Par. (0024); logging information (security events corresponding to modified records))
receiving an output of the generative AI model that indicates the one or more characteristics, the output based at least in part on the converted logging information. (Par. (0032-0036); receiving an output of the generative AI model (output fed back to ML model) that indicates the one or more characteristics (model scoring based on characteristics) based at least in part on the converted logging information (modified records))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Erramilli to utilize the above feature because of the analogous concept of detecting security events in a network using machine learning, with the motivation of improving security validation of detected events based on metrics and training machine learning models to process real-world data and data types to enhance the system. (Erramilli Par. (0014-0016))
In regards to Claim 19, the combination of Yehudai, Nishino and Andrews teaches the apparatus of claim 15; Nishino further teaches convert the logging information into a structured format; (Par. (0028-0029 and 0031); converting records to an integrated format using machine learning to create conversion data associated with DDoS logs)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai and Andrews to incorporate the teaching of Nishino to utilize the above feature because of the analogous concept of DDoS event data and logs, with the motivation of utilizing deep learning and machines to classify logs more effectively over a period of time and convert integrated data to be matched and compared as well as detect illegitimate data. (Nishino Par. (0028-0031))
Yehudai, Nishino and Andrews do not explicitly teach transmit the converted logging information to a generative AI model; and receive an output of the generative AI model that indicates the one or more characteristics, the output based at least in part on the converted logging information.
Wherein Erramilli teaches transmit the converted logging information to a generative AI model; and (Par. (0048 and 0109); converted logging information (modified records) to a generative AI model (modified records run through ML model); modified records received at ML model), (Par. (0024); logging information (security events corresponding to modified records))
receive an output of the generative AI model that indicates the one or more characteristics, the output based at least in part on the converted logging information. (Par. (0032-0036); receiving an output of the generative AI model (output fed back to ML model) that indicates the one or more characteristics (model scoring based on characteristics) based at least in part on the converted logging information (modified records))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Erramilli to utilize the above feature because of the analogous concept of detecting security events in a network using machine learning, with the motivation of improving security validation of detected events based on metrics and training machine learning models to process real-world data and data types to enhance the system. (Erramilli Par. (0014-0016))
Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S Pub. No. 20190372934, hereinafter referred to as “Yehudai”), Nishino et al. (U.S Pub. No. 20190303794, hereinafter referred to as “Nishino”) and Andrews et al. (U.S Pub. No. 20240129310, hereinafter referred to as “Andrews”) further in view of Compton et al. (U.S Pub. No. 20190230116, hereinafter referred to as “Compton”)
In regards to Claim 8, the combination Yehudai, Nishino and Andrews do not explicitly teach generating a prediction of one or more future DDoS events based at least in part on the one or more characteristics of the one or more DDoS event records; wherein the security configuration is based at least in part on the prediction.
Wherein Compton teaches generating a prediction of one or more future DDoS events based at least in part on the one or more characteristics of the one or more DDoS event records; (Par. (0037); prediction model used to predict future DDoS attacks based on characteristics (traffic patterns)), (Par. (0042); prediction model used to forecast likelihood based on DDoS records based on characteristics (patterns))
wherein the security configuration is based at least in part on the prediction. (Par. (0051); security configuration (set of actions such as discarding) based in part on prediction (constituting the predicted malicious traffic flow))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Compton to utilize the above feature because of the analogous concept of detecting DDoS attacks in a network using machine learning, with the motivation of mitigating DDoS attacks based on detecting traffic and using the current data to predict imminent attacks to create an indication to users and reduce possible threats as well as conserving the resources in a system. (Compton Par. (0005-0006 and 0032))
Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yehudai et al. (U.S Pub. No. 20190372934, hereinafter referred to as “Yehudai”), Nishino et al. (U.S Pub. No. 20190303794, hereinafter referred to as “Nishino”) and Andrews et al. (U.S Pub. No. 20240129310, hereinafter referred to as “Andrews”) further in view of Kasman et al. (U.S Pub. No. 20160173527, hereinafter referred to as “Kasman”)
In regards to Claim 14, the combination Yehudai, Nishino and Andrews do not explicitly teach transmitting mitigation information to an external orchestration service, the mitigation information comprising one or more elements of the one or more DDoS event records, one or more elements of an analysis of the DDoS event records, one or more mitigation operations performed, or any combination thereof; and receiving, from the external orchestration service, mitigation workflow information that is based at least in part on the mitigation information.
Wherein Kasman teaches transmitting mitigation information to an external orchestration service, (Figure 1 labels 105, 102 and 101/103; transmitting mitigation information to external orchestration service (user 105 transmits DDoS mitigation data to 1st and 2nd processing servers associated with DDoS attack mitigation)), (Par. (0012); transmitting (forwarding) mitigation information (string of data, token cookies) to an external orchestration service (DDoS attack mitigation central processing server))
the mitigation information comprising one or more elements of the one or more DDoS event records,
one or more elements of an analysis of the DDoS event records,
one or more mitigation operations performed, or any combination thereof; and (Par. (0034-0035 and 0044-0047); user with SDK device transmits message data to external orchestration service (DDoS attack mitigation central processing server) that performs mitigation operation of authenticating and allowing/blocking requests) (Examiner note: By using the phrase “or” the Examiner broadly and reasonably interprets in light of the specification that only one of the listed limitations is required to be met)
receiving, from the external orchestration service, mitigation workflow information that is based at least in part on the mitigation information. (Par. (0012, 0034-0035, 0039, 0042 and 0044); external orchestration service (DDoS attack mitigation central processing server) receives mitigation workflow information (challenge and authentication actions of mitigation operation) based at least in part on the mitigation information (challenge and authentication action based on message data with strings, cookies and token corresponding to DDoS attack and request))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Yehudai, Nishino and Andrews to incorporate the teaching of Kasman to utilize the above feature because of the analogous concept of detecting DDoS attacks in a network and implementing preventative measures, with the motivation of defending against DDoS attacks and creating mitigation techniques to combat smart phones and applications and refine mitigation steps by using a handler to process requests with a server and identify schemes and actions before authenticating. (Kasman Par. (0004-0005, 0009 and 0011-0012))
Allowable Subject Matter
Claims 6 and 10 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: Dependent claims 6 and 10 and their respective dependent claims are allowable over the prior art of record, including Yehudai, Nishino and Andrews and the remaining references cited by the Examiner, since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious:
receiving, via a communication channel of a multi-tenant communication service, a request for information associated with the one or more DDoS events, the security configuration, the validation of the security configuration, the one or more WAF services, an analysis of the one or more DDoS event records, or any combination thereof; transmitting, to a generative AI model, a prompt that is based at least in part on the request; receiving an output of the generative AI model that indicates the information; and transmitting a response to the request that is based at least in part on the output of the generative AI model, as specified in claim 6.
wherein generating the security configuration comprises: transmitting a prompt to a generative AI model that indicates the one or more characteristics and comprises an instruction to generate the security configuration; and receiving an output of the generative AI model that indicates at least a portion of the security configuration, as specified in claim 10.
Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Compton; Richard A. (U.S Pub. No. 20190068626) “DISTRIBUTED DENIAL-OF-SERVICE ATTACK DETECTION AND MITIGATION BASED ON AUTONOMOUS SYSTEM NUMBER”. Considered this reference because it addressed DDoS attacks in a system and mitigation techniques.
RAO; SUPREETH HOSUR NAGESH (U.S Pub. No. 20220272111) “CLOUD-PLATFORM PUSH FOR KNOWN DATA BREACHES”. Considered this application because it relates to security breaches and analysis with multiple nodes in a network.
P J; Jose Lejin (U.S Pub. No. 20240259430) “TECHNIQUES FOR PROCESSING QUERIES RELATED TO NETWORK SECURITY”. Considered this application because it addressed network security and machine learning practices in a system.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached from 7:30am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HASSAN A HUSSEIN/ Examiner, Art Unit 2497